Automatic Patch-Based Exploit Generation
http://www.cs.cmu.edu/~dbrumley/pubs/apeg.html

"The automatic patch-based exploit generation problem is: given a
program P and a patched version of the program P', automatically
generate an exploit for the potentially unknown vulnerability
present in P but fixed in P'. In this paper, we propose techniques
for automatic patch-based exploit generation, and show that our
techniques can automatically generate exploits for vulnerable
programs based upon patches provided via Windows Update."

That part doesn't bother me: my response to Microsoft products is to
quote Zathras: "This...is wrong tool. Never use this."

The part that bothers me is that if they're right, and having only skimmed
the paper, I offer no opinion on that yet, then it seems to me that this
technique may work on other systems.
---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.